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Exhibit B 
' tzlasOl . log ' 



SQL> OtzlasOl 
SQL> 

SQL> CONNECT LBACSYS /LBACSYS 

Connected . 

SQL> 

SQL> Create two SA policies 

SQL> EXECUTE SA_SYSDBA . CREATE_POLICY ( ' SA1 ' , ■ SAl_COL - , ' ALL_CONTROL ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_SYSDBA . CREATE_POLICY ( 1 SA2 ' , 1 SA2_COL - , ' NO_CONTROL ' ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL> -- Initialize PUBLIC labels for them 

SQL> EXECUTE SA_LABELS . CREATE_LEVEL ( ' SA1 ' , 0 , ' PUBLIC ' , ' PUBLIC Level ' ) ; 
PL/ SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_LEVEL ( ' SA2 ' , 0 , - PUBLIC ' , - PUBLIC Level - ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ',10 , ' public > ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( 1 sa2 1 10 'public' )• 
BEGIN SA_LABEL_ADMIN.CREATE_LABEL ( ' sa2 ',10, 'public ' ) ; END; ' 

ERROR at line 1: 

n™~™ 2: LEAC err ° r: Lab£l With the given label ta 9 ; 10 already exists 
ORA-06512: at "LBACSYS . LBAC_STANDARD " , line 0 
ORA-06512: at "LBACSYS . LBAC_LABEL ADMIN", line 57 
ORA-06512 : at line 1 

SQL> 

SQL> -- Setup some labels for policy SA1 

SQL> EXECUTE SA_LABELS . CREATE_LEVEL ( ' sal ',10 , ' c ' , ' confidential ■ ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_LEVEL ( ' sal ' , 2 0 , • s ' , ' SECRET ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_LE VEL ( ■ sal > , 3 0 , ' ts ' , ' Top Secret'); 

PL/SQL procedure successfully completed. 

SQL> 

SQL> EXECUTE SA_LABELS . CREATE_COMPARTMENT ('sal', 5 , ' A ' , ' ALPHA ' ) ; 



PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_COMPARTMENT ('sal 1 , 10, ' b ' , 'beta'); 

PL/SQL procedure successfully completed. 

SQL> 

SQL> EXECUTE SA_LABELS . CREATE_GROUP ( ' sal ' , 5 , ' Gl ' , ' group 1 ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA__L ABELS . CREATE_GROUP ( ' sal 1 , 51 , ' G2 1 , ' group 2 \ ' Gl 1 ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_GROUP ('sal 1 , 52, 1 G3 ' , ' group 3 ' , ' Gl ' ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL > EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ('sal', 2 0 0, ' c ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 22 5 , ' c : b , a ' ) ; 
PL/ SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( 1 sal ' , 2 10 , ' c : a ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 2 05 , • c : : g2 ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 3 0 0 , 1 s ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 3 1 0 , ' s : a ' ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL> -- Generate some labels 

SQL> SELECT LABEL_TO_CHAR (TO_SA_LABEL ( 1 sal ' , ' c : a : gl ' ) ) FROM DUAL; 
LABEL_TO_CHAR (TO_SA_LABEL ( ' SA1 ' , ' C : A : Gl ' ) ) 

C:A:G1 

1 row selected. 

SQL> SELECT LABEL_TO_CHAR (TO_SA_LABEL ( ' sal > , ' s : a , b ' ) ) PROM DUAL; 



LABEL_TO_CHAR (TO_SA_LABEL ( ' SA1 ' , ' S : A, B ' ) ) 



S:A,B 

1 row selected. 

SQL> SELECT LABEL_TO_CHAR (TO_SA_LABEL ( - sal - , 'public : a : gl ■ ) ) FROM DUAL; 
LABEL_TO_CHAR ( TO_SA_LABEL ( ■ SA1 ' , ' PUBLIC : A: Gl 1 ) ) 

PUBLIC :A:G1 



1 row selected. 
SQL> 

SQL> COL POL I C Y_NAME FORMAT A15 

SQL> COL LABEL FORMAT A2 0 

SQL> SELECT * FROM DBA_SA_LABELS ; 



POLICY NAME 



LABEL 



LABEL_TAG LABEL TYPE 



SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 

10 rows selected. 



SQL> 

SQL> col labelvalue format a2 0 
SQL> col policy_name format alO 
SQL> SELECT * from dba_sa_labels ; 



C: :G2 
C:A 
C:A,B 



C:A:G1 
S:A,B 

PUBLIC: A: Gl 



10 USER LABEL 
2 00 USER/DATA LABEL 

2 05 USER /DATA LABEL 
210 USER/DATA LABEL 
225 USER/DATA LABEL 

3 00 USER/ DATA LABEL 
310 USER/ DATA LABEL 

1000000000 USER/DATA LABEL 

1000000001 USER/DATA LABEL 

1000000002 USER /DATA LABEL 



POLICY_NAM LABEL 



SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 
SA1 



C: :G2 
C: A 
C:A,B 
S 

S:A 

C:A:G1 

S:A,B 

PUBLIC : A: Gl 



LABEL_TAG LABEL_TYPE 

10 USER LABEL 
200 USER /DATA LABEL 

2 05 USER/DATA LABEL 
210 USER/DATA LABEL 
225 USER/DATA LABEL 

3 00 USER/DATA LABEL 
310 USER/DATA LABEL 

1000000000 USER/DATA LABEL 

1000000001 USER/DATA LABEL 

1000000002 USER /DATA LABEL 



10 rows selected. 



SQL; 



SQL> -- Set user labels 

SQL> EXECUTE SA_USER_ADMIN . SET_LEVELS ( ' sal > , ' scott > , > s > , ' c ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_USER_ADMIN . SET_COMPARTMENTS ('sal',' scott ' , ' a, b ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_USER_ADMIN. SETJ3R0UPS ( ' sal ' , ' scott ' , ' Gl ' ) ; 
PL/SQL procedure successfully completed. 

SQL> SELECT * FROM dba_sa_user_levels ORDER BY policy_name , user_name; 
POLICY_NAM USER_NAME MAX_LEVEL 
MIN_LEVEL DEF_LEVEL 
ROW_LEVEL 

SA1 SCOTT g 



1 row selected. 

SQL> SELECT * FROM dba_sa_user_compartments ORDER BY P olicy_name, user_name; 
POLICY_NAM USER NAME rnMP 



2 rows selected. 



SQL> SELECT * f ROM dba_sa_user_groups ORDER BY policy_nam e/ user_name ; 
POLICY_NAM USER NAME rRP 



y 



1 row selected. 
SQL> 

SQL> -- Look at session labels 
SQL> CONNECT scott/tiger 
Connected . 
SQL> 

SQL> create or replace FUNCTION get list (pol IN VARCHAR2 ) 

2 RETURN VARCHAR2 IS 

3 test_list Ibacsys . lbac_label_list ; 

4 begin 

5 test_list:=lbac_session.effective_labels (pol) • 

7 END ETURN label - list - to - named - char (test_list, 'effective' ) ; 

8 / 

Function created. 
SQL> 

SQL> select get_list { ' sal ' ) from dual; 
GET_LIST ( ' SA1 ' ) 



LME™ LABEL= ' S:A ' B:G1 ' G2 ' G3 '' MA X WRITE LABEL= ' S : A, B : Gl , G2 , G3 ' , M 

LA^EL= E S U ?A^G L= ' 5 : A ' B 1 01 ' ^ ' ^ ' ' WRITE LABEL= ' S = A ' B 1 01 ' 02 ' 03 ' < R0W 
1,G2,G3' 



1 row selected. 

SQL> select get_list ( ' sa2 1 ) from dual ; 
GET_LIST ( ' SA2 ' ) 



1 row selected. 
SQL> 

SQL> SQL> 



